4) Subscribers have the right to opt-out of marketing communications at all time

“A user may opt-out of receiving subscription messages from a Page at any time.”

Make sure everybody knows that they can unsubscribe by typing – stop. I also like to put a unsubscribe button in my Main Menu.

So that’s all great, but don’t forget to mention it in your Privacy Policy too.

Most Privacy Policies explain how to unsubscribe from an email list, so it would only logic to also include an explanation of how they can unsubscribe from your Messenger Bot.

I added this;

You may unsubscribe to my Messenger Bot at any time by typing “Stop” inside Messenger or by clicking “Unsubscribe” in the persistent menu. You will then be asked for your confirmation to be unsubscribed.

5) Make sure you signed Data Processing Agreement’s

Make sure you have Data Processing Agreement’s (DPA) with all the tools you export data to. For example with Zapier or Google Sheets if you’re using that in combination with ManyChat or Chatfuel.

6) Have the FB Pixel on your website?

This one is processing personal data, which means you have to ask for people their explicit consent to place marketing cookies like this. A tool I can recommend to regulate this is Cookiebot.

Below is an example how I ask for the consent for marketing-cookies. You’ve probably seen it if you’re from Europe.

7) Permission-based marketing

With email marketing, you need someone’s permission to send them future emails. Let’s assume this also applies to Messenger Bots, which means you need to have people their permission to send them messages.

You might want to change your flows to make sure you always ask for this permission. Simply asking ‘would you like to receive furthers tips & tricks?’ should be enough. This is also a great way to filter out leads that are not interested anyway.

With email marketing, you can also get consent in the form they sign-up with. So maybe we can also use “Subscribe to our bot and receive tips & tricks X times a week”. That would count as consent I guess.

8) Privacy Policy

Make sure your privacy policy is updated & easily accessible.

I’ve created an item in my Main Menu called “The Website” with a sub-item called “Privacy Policy”.

9) Personal data processing consent

In ManyChat their GDPR-article they mention you need to have personal data processing consent from your subscribers. Also, you’ll need to be able to prove you’ve obtained consent from existing subscribers to continue messaging them after May 25th.

A name is personal data, so every Messenger Bot is processing personal data.

In my welcome message I ask this;

“Before we start, I want to tell you that these messages are automated & personal data is used to personalize your experience. You can always unsubscribe by typing – stop. Ok?”

I’m not a 100% sure if this message is compliant because there aren’t any resources or examples of how this applies to Messenger Bots.

***

To help you I’ve also created a step-by-step GDPR Checklist, you can get it here in Messenger.

Leave a comment if you’ve any questions, input, feedback or additional resources on this.

Good luck!

P.S. Don’t forget that this law isn’t only for Messenger Bots, your website or email marketing. It probably also impacts other parts of your business.